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PRELIMINARY AMENDMENT 

Assistant Commissioner for Patents 
Washington, D.C. 20231 

Sir: 

Before examination, please amend this application as follows. 

IN THE SPECIFICATION 

Please REPLACE the heading at page 1, line 3 with the following heading. 

—Background- 
Please DELETE the heading at page 1, line 8. 

Please REPLACE the heading at page 2, line 9, with the following heading. 
—Summary— 



Tommi LINNAKANGAS, et al. 



Group Art Unit: Unassigned 



Application No.: Unassigned 



Examiner: Unassigned 



Please REPLACE the heading at page 4, line 8, with the following heading. 
-Detailed Description— 
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IN THE CLAIMS 

Please REPLACE the following paragraph beginning at page 11, line 1, with the following 
paragraph. 

--What Is Claimed Is:-. 

Please CANCEL claims 1-7. 

Please ADD new claims 8-14 as follows. 

8. (New) A network device for implementing Internet Protocol Security, comprising: 

at least one IP forwarder arranged to receive IP packets, each IP packet being 
associated with a Security Association (SA), the at least one IP forwarder is further arranged 
to determine the destination of each IP packet and to forward each IP packet to its destination; 

a plurality of security procedure modules coupled to the at least one IP forwarder and 
arranged to implement security procedures for received IP packets in parallel; and 

a security controller arranged to allocate negotiated S As among the security procedure 
modules and to notify the security procedure modules and the at least one IP forwarder of the 
allocation, whereby the at least one IP forwarder can send IP packets to the security procedure 
module implementing the associated SA. 

9. (New) A device according to claim 8, wherein the security procedure modules are 
coupled together to allow the forwarding of an IP packet from one security procedure module 
to another. 

1 0. (New) A device according to claim 8, wherein the security controller is responsible for 
creating and modifying IP packet filters in the at least one IP forwarder, and the filters are 
responsible for routing IP packets to the security procedure modules. 

1 1 . (New) A device according to claim 1 0, wherein the filtering of packets is carried out 
using at least one selector, the at least one selector being the Security Parameter Index (SPI), 
which identifies a S A and which is contained in a header of the IP packets. 
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12. (New) A device according to claim 8, wherein the security controller is coupled to an 
Internet Key Exchange (IKE) module which is responsible for negotiating SAs with peer IKE 
modules, and the security controller is arranged to receive from the IKE module details of 
negotiated SAs. 



13. (New) A device according to claim 8, wherein at least one of the at least one IP 
forwarder, security procedure modules, and security controller are implemented in at least or 
of software, hardware, and a combination of hardware and software. 

14. (New) A method of processing IP packets at a network device, the method comprising 
the steps of: 

allocating negotiated Security Associations (SAs) among a plurality of security 
procedure modules arranged to implement security procedures for received IP packets; 

notifying the security procedure modules and at least one IP forwarder of said 
allocation; and 

receiving IP packets at the at least one IP forwarder, identifying the SAs associated 
with the packets, and forwarding the packets to the security procedure modules implementing 
the associated SAs. 



IN THE ABSTRACT 

Please REPLACE the three paragraphs beginning at page 13, hne 2, with the 
following paragraph. 

--A network device for implementing hitemet Protocol Security (IPSec) and having at least 
one IP forwarder arranged to receive IP packets. Each IP packet is associated with a Security 
Association (SA). The at least one IP forwarder determines the destination of each packet, 
and forwards the packet to its destination. A plurality of security procedure modules are 
coupled to the at least one IP forwarder and are arranged to implement security procedures for 
received IP packets in parallel. A security controller is arranged to allocate negotiated SAs 
among the security procedure modules and to notify the security procedure modules and the 
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at least one IP forwarder of the allocation, whereby the at least one IP forwarder can send IP 
packets to the security procedure module implementing the associated S A.-- 



The specification and Abstract have been amended, and the claims have been replaced 
to place the application in better form for examination. Attached is a marked-up copy that 
reflects the changes. Favorable consideration is requested. 

It will be understood that the scope of the claims has not been narrowed or even 
changed by this Preliminary Amendment. Moreover, as already noted the claims have not 
been amended for reasons related to the statutory requirements for a patent but simply to 
improve their form and thus facilitate prosecution of this apphcation. Accordingly, those 
seeking to interpret these claims should not limit them only to their literal scopes. 



REMARKS 



Respectfully submitted. 



Burns, Doane, Swecker & Mathis, l.l.p. 




Michael G. Savage 
Registration No. 32,596 



P.O. Box 1404 

Alexandria, Virginia 223 13-1 404 
(919) 941-9240 



Dated: May 24, 2001 



"Express Mail" mailing label No. EL766036101US 
Date of Deposit: May 24, 2001 
I hereby certify that this paper or fee is being deposited with the United States Postal Service "Express Mai 
Addressee" service under 37 CFR 1.10 on the date indicated above and is addressed to the Assistant 
Coimnissioner of Patents, Washington DC 20231 




Judith Hams 
May 24. 2001 
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Attachment to Preliminarv Amendment dated Mav 24. 2001 

Marked-up Copy 



Page 1, heading at line 3. 

[Field of the Invention] Background 

Page 1, heading at line 8. 
[Background of the Invention] 

Page 2, heading at line 9. 

[Summary of the Invention] Summary 

Page 4, heading at line 8. 

[Detailed Description of a Preferred Embodiment] Detailed Descrip tion 

Page 1 1, paragraph beginning at line 1. 
[Claims] What Is Claimed Ts: 

Page 13, three paragraphs beginning at line 2. 
[IPSec Processing] 

A network device for implementing hitemet Protocol Security (JP Rbc) and [comprising] 
having at least one IP forwarder arranged to receive IP packets . Each IP packet [each of 
which] is associated with a Security Association (SA). The at least one IP forwarder[(s)] 
determines the destination[s] of [the] each packet[s], and forwards the packet[s] to [their] its 
destination[s]. A plurality of security procedure modules are coupled to the at least one IP 
forwarder[(s)] and are arranged to implement security procedures for received IP packets in 
parallel. A security controller is arranged to allocate negotiated S As [amongst] among the 
security procedure modules and to notify the security procedure modules and the at least one 
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IP forwarder[(s)] of the allocation, whereby the at least one IP forwarder[(s)] can send IP 
packets to the security procedure module implementing the associated SA. 

[Figure 2] 



